Spying on the Smart Home: Privacy Attacks and Defenses on Encrypted IoT Traffic
The growing market for smart home IoT devices promises new conveniences for consumers while presenting new challenges for preserving privacy within the home. Many smart home devices have always-on sensors that capture users' offline activities in their living spaces and transmit information abo...
Gespeichert in:
Hauptverfasser: | , , , , |
---|---|
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext bestellen |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
Zusammenfassung: | The growing market for smart home IoT devices promises new conveniences for
consumers while presenting new challenges for preserving privacy within the
home. Many smart home devices have always-on sensors that capture users'
offline activities in their living spaces and transmit information about these
activities on the Internet. In this paper, we demonstrate that an ISP or other
network observer can infer privacy sensitive in-home activities by analyzing
Internet traffic from smart homes containing commercially-available IoT devices
even when the devices use encryption. We evaluate several strategies for
mitigating the privacy risks associated with smart home device traffic,
including blocking, tunneling, and rate-shaping. Our experiments show that
traffic shaping can effectively and practically mitigate many privacy risks
associated with smart home IoT devices. We find that 40KB/s extra bandwidth
usage is enough to protect user activities from a passive network adversary.
This bandwidth cost is well within the Internet speed limits and data caps for
many smart homes. |
---|---|
DOI: | 10.48550/arxiv.1708.05044 |